NSA has hidden software in hard drives around the world

The U.S. National Security Agency has figured out how to hide spying software deep within hard drives made by Western Digital, Seagate, Toshiba, and other top manufacturers, giving the agency the means to eavesdrop on the majority of the world’s computers, according to cyber researchers and former operatives. » Joseph Menn | businessinsider.com

February 23, 2015 · 1 min · 53 words · Nacho Cano

The coming war on general-purpose computing

Enter Digital Rights Management in its most primitive forms: let’s call it DRM 0.96. They introduced physical indicia which the software checked for—deliberate damage, dongles, hidden sectors—and challenge-response protocols that required possession of large, unwieldy manuals that were difficult to copy. These failed for two reasons. First, they were commercially unpopular, because they reduced the usefulness of the software to the legitimate purchasers. Honest buyers resented the non-functionality of their backups, they hated the loss of scarce ports to the authentication dongles, and they chafed at the inconvenience of having to lug around large manuals when they wanted to run their software. Second, these didn’t stop pirates, who found it trivial to patch the software and bypass authentication. People who took the software without paying for it were untouched. ...

February 23, 2015 · 1 min · 134 words · Nacho Cano

Live patching for 3.20

Originally, there was kSplice as a standalone project that implemented stop_machine()-based patching for the linux kernel. This project got later acquired, and the current owner is providing live patching as a proprietary service, without any intentions to have their implementation merged. Then, due to rising user/customer demand, both Red Hat and SUSE started working on their own implementation (not knowing about each other), and announced first versions roughly at the same time. ...

February 23, 2015 · 1 min · 77 words · Nacho Cano

History of video games: the origins

In 1972 the Magnavox Odyssey, the first video game console in history, went on sale in North American stores. A year earlier, a Stanford University student and his partner had built the first arcade machine in history. From these two key events, video games began to grow in popularity, creating what is today a gigantic leisure and entertainment industry able to compete with film or music in followers and sales volume. ...

February 18, 2015 · 1 min · 82 words · Nacho Cano

The scope of index variables in Python’s for loops

The Python reference documentation explicitly documents this behavior in the section on for loops: The for-loop makes assignments to the variable(s) in the target list. […] Names in the target list are not deleted when the loop is finished, but if the sequence is empty, they will not have been assigned to at all by the loop. » Eli Bendersky | eli.thegreenplace.net

February 18, 2015 · 1 min · 62 words · Nacho Cano

What every beginner absolutely needs to know about the journey ahead

Quincy Larson was just a “guy in a suit in an office” and decided he wanted to learn how to code. So he asked around. He started by picking up a bit of Ruby then found himself skimming through other languages like Scala, Clojure and Go. He learned Emacs then Vim and even the Dvorak keyboard layout. He picked up Linux, dabbled in Lisp and coded in Python while living on the command line for more than half a year. ...

February 8, 2015 · 1 min · 85 words · Nacho Cano

The Exceptional Beauty of Doom 3’s Source Code

What would “nice looking”—or “beautiful”, for that matter—actually mean when referring to source code? I asked some programmer friends what they thought that meant. Their answers were obvious, but still worth stating: Code should be locally coherent and single-functioned: One function should do exactly one thing. It should be clear about what it’s doing. Local code should explain, or at least hint at the overall system design. Code should be self-documenting. Comments should be avoided whenever possible. Comments duplicate work when both writing and reading code. If you need to comment something to make it understandable it should probably be rewritten. » Shawn McGrath | kotaku.com

February 8, 2015 · 1 min · 106 words · Nacho Cano

The incredible case of Werner Koch and GPG

So one has to ask why the lead developer of such a sensitive and popular piece of software is “going broke”. Gambling problems? Plain extravagance? Because a programmer of that caliber, in that position, should earn a good salary and then some in Germany, Koch's country. But the right question is not why he is going broke or how much he earns, but what this man lives on. What, we repeat, does the lead developer of a piece of software as sensitive and popular as GPG live on? The answer, unfortunately, is that nobody was paying him for his work: he lived on charity, on donations. Sounds harsh? It is even worse. ...

February 7, 2015 · 1 min · 113 words · Nacho Cano

Highly critical “Ghost” allowing code execution affects most Linux systems

The vulnerability in the GNU C Library (glibc) represents a major Internet threat, in some ways comparable to the Heartbleed and Shellshock bugs that came to light last year. The bug, which is being dubbed “Ghost” by some researchers, has the common vulnerability and exposures designation of CVE-2015-0235. While a patch was issued two years ago, most Linux versions used in production systems remain unprotected at the moment. What’s more, patching systems requires core functions or the entire affected server to be rebooted, a requirement that may cause some systems to remain vulnerable for some time to come. The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc function that’s invoked by the gethostbyname() and gethostbyname2() function calls. A remote attacker able to call either of these functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application. ...

February 6, 2015 · 1 min · 149 words · Nacho Cano

Fixed: the error «AttributeError: '_ssl._SSLSocket' object has no attribute 'issuer'» on Ubuntu Utopic Unicorn

If, when using the Python library for XMPP, we get the error:

    Traceback (most recent call last):
      File "./test_xmpp.py", line 12, in <module>
        cl.connect()
      File "/usr/lib/python2.7/dist-packages/xmpp/client.py", line 205, in connect
        while not self.TLS.starttls and self.Process(1): pass
      File "/usr/lib/python2.7/dist-packages/xmpp/dispatcher.py", line 303, in dispatch
        handler['func'](session,stanza)
      File "/usr/lib/python2.7/dist-packages/xmpp/transports.py", line 330, in StartTLSHandler
        self._startSSL()
      File "/usr/lib/python2.7/dist-packages/xmpp/transports.py", line 309, in _startSSL
        tcpsock._sslIssuer = tcpsock._sslObj.issuer()
    AttributeError: '_ssl._SSLSocket' object has no attribute 'issuer'

it seems to be due to a bug in that library. ...

February 3, 2015 · 1 min · 127 words · Nacho Cano